Troy Hunt

SEPTEMBER 17, 2019

Allow me to be controversial for a moment: arbitrary password restrictions on banks such as short max lengths and disallowed characters don't matter. Also, allow me to argue with myself for a moment: banks shouldn't have these restrictions in place anyway. This just feels wrong but I can’t come up with a strong argument against it.

Banking 273

Banking Passwords Accountability Authentication 273

Krebs on Security

MARCH 21, 2019

Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees — in some cases going back to 2012, KrebsOnSecurity has learned. Renfro said the company planned to alert Facebook users today, but that no password resets would be required.

Passwords 56

Passwords Engineering Accountability Advertising 56

Krebs on Security

FEBRUARY 19, 2020

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. 13, 2018 and Mar.

VPN 363

VPN Passwords Software Telecommunications 363

Krebs on Security

JANUARY 6, 2020

Organizations in the throes of cleaning up after a ransomware outbreak typically will change passwords for all user accounts that have access to any email systems, servers and desktop workstations within their network. In mid-November 2019, Wisconsin-based Virtual Care Provider Inc. ” WHOLESALE PASSWORD THEFT.

Passwords 271

Passwords Ransomware Password Management Malware 271

Krebs on Security

DECEMBER 19, 2024

” According to Intel 471, this same Discord account was advertised in 2019 by a person on the cybercrime forum Cracked who used the monikers “ ORN ” and “ ori0n.” codes in 2021 using the password “ ceza2003 ” [full disclosure: Constella is currently an advertiser on KrebsOnSecurity].

Hacking 249

Hacking Cybercrime Advertising Data breaches 249

Adam Levin

OCTOBER 2, 2019

Gnosticplayers shared a data sample that included user names, email addresses, logins, passwords, phone numbers, Facebook IDs, and Zynga account IDs. Zynga released a statement saying only that, “certain player account information may have been illegally accessed by outside hackers.

Accountability 178

Accountability Data breaches Passwords Hacking 178

Krebs on Security

MARCH 26, 2024

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. “It was like this system notification from Apple to approve [a reset of the account password], but I couldn’t do anything else with my phone.

Passwords 359

Passwords Accountability Phishing Cryptocurrency 359

Krebs on Security

NOVEMBER 3, 2020

Two young men from the eastern United States have been hit with identity theft and conspiracy charges for allegedly stealing bitcoin and social media accounts by tricking employees at wireless phone companies into giving away credentials needed to remotely access and modify customer account information. Prosecutors say Jordan K.

Scams 356

Scams Wireless Identity Theft Mobile 356

Security Affairs

MARCH 27, 2020

Google announced to have warned users of almost 40,000 alerts of state-sponsored phishing or malware attacks during 2019. Google shared data on alerts related to state-sponsored attacks, the tech giant revealed that it issued almost 40,000 alerts of state-sponsored phishing or malware attacks to its users during 2019.

Phishing 145

Phishing Accountability Advertising Malware 145

Malwarebytes

OCTOBER 1, 2024

Ireland’s privacy watchdog Data Protection Commission (DPC) has fined Meta €91M ($101M) after the discovery in 2019 that Meta had stored 600 million Facebook and Instagram passwords in plaintext. Most of these passwords belonged to Facebook Lite users, but it affected other Facebook and Instagram users as well.

Passwords 145

Passwords Data breaches Media Phishing 145

Zero Day

JUNE 6, 2025

Also: Massive data breach exposes 184 million passwords for Google, Microsoft, Facebook, and more Individually, any one of those pieces of data can be exploited by the wrong people. Collectively, they could easily put affected customers at risk for account takeovers and identity theft.

Password Management 128

Password Management Passwords Software Artificial Intelligence 128

Security Affairs

AUGUST 5, 2020

ZDNet reported in exclusive that a list of passwords for 900+ enterprise VPN servers has been shared on a Russian-speaking hacker forum. ZDNet has reported in exclusive that a list of plaintext usernames and passwords for 900 Pulse Secure VPN enterprise servers, along with IP addresses, has been shared on a Russian-speaking hacker forum.

VPN 145

VPN Passwords Banking Advertising 145

Krebs on Security

JANUARY 19, 2021

The government says Ferizi and his associates made money by hacking PayPal and other financial accounts, and through pornography sites he allegedly set up mainly to steal personal and financial data from visitors. Between 2015 and 2019, Ferizi was imprisoned at a facility in Illinois that housed several other notable convicts.

Identity Theft 349

Identity Theft Government Accountability Social Engineering 349

Security Affairs

APRIL 14, 2020

Quidd , an online marketplace for trading stickers, cards, toys, and other collectibles, discloses a data breach in has suffered in 2019. Quidd , the online marketplace for trading stickers, cards, toys, and other collectibles, discloses a data breach in has suffered in 2019, it is also recommending users to change their passwords.

Accountability 145

Accountability Hacking Data breaches Passwords 145

Troy Hunt

JANUARY 17, 2024

Occasionally though, the corpus of data is of much greater significance, most notably the Collection #1 incident of early 2019. Website, username and password: That's just the first 20 rows out of 5 million in that particular file, but it gives you a good sense of the data. Is it legit? The VideoScribe service on line 9: Exists.

Passwords 363

Passwords Password Management Hacking Accountability 363

Troy Hunt

JUNE 8, 2021

Ever notice how there was a massive gap of almost 9 months between announcing the intention to start open sourcing Have I Been Pwned (HIBP) in August last year and then finally a couple of weeks ago, actually taking the first step with Pwned Passwords ? I was pretty excited when I saw PRs coming in right after launching that last blog post.

Passwords 360

Passwords Accountability 360

Troy Hunt

JANUARY 8, 2019

Very often, those addresses are accompanied by other personal information such as passwords. No, and the passwords are the very first thing that starts to give it all away. The attack is simple but effective due to the prevalence of password reuse. That's it, job done, they're into your account.

Hacking 261

Hacking Passwords Accountability Data breaches 261

CyberSecurity Insiders

MAY 6, 2022

World Password Day is celebrated in May every year and is being done since 2013 as a group of Cybersecurity Professionals declared the first Thursday of May every year as the day to celebrate as the security day of our online lives. And remember, passwords can be stolen, compromised and can be easily forgotten.

Passwords 118

Passwords Authentication Accountability Password Management 118

Krebs on Security

JANUARY 24, 2020

On December 23, 2019, unknown attackers began contacting customer support people at OpenProvider , a popular domain name registrar based in The Netherlands. “But a registrar should not act on instructions coming from a random email address or other account that is not even connected to the domain in question.”

DNS 334

DNS Social Engineering Engineering Accountability 334

Krebs on Security

OCTOBER 31, 2022

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims. stolen with the help of Raccoon.

Malware 341

Malware Identity Theft Cybercrime Accountability 341

Krebs on Security

MARCH 31, 2020

Barrie said the hacker was able to read messages and notes left on escrow.com’s account at GoDaddy that only GoDaddy employees should have been able to see. “This guy had access to the notes, and knew the number to call,” to make changes to the account, Barrie said.

Phishing 345

Phishing DNS Social Engineering Accountability 345

Krebs on Security

SEPTEMBER 2, 2024

agency , a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords. Launched in November 2019, OTP Agency was a service for intercepting one-time passcodes needed to log in to various websites. 30 by the U.K.’s

Accountability 312

Accountability Banking Passwords Scams 312

Adam Levin

JULY 10, 2020

billion records have already been exposed, and that’s only accounting for the first quarter of 2020. For comparison, that’s a 273% increase over the first two quarters of 2019 combined. million records): Hackers successfully breached the accounts of two Marriott employees and compromised the PII of at least 5.2 Marriott (5.2

Data breaches 252

Data breaches Social Engineering Antivirus Scams 252

SecureWorld News

FEBRUARY 20, 2025

He urges enterprises to implement Privileged Access Management (PAM) solutions and multi-factor authentication (MFA) and to enforce robust password policies to reduce the risk of account compromise. Strengthening identity security Enforce phishing-resistant MFA for all privileged accounts.

Ransomware 112

Ransomware IoT Encryption Social Engineering 112

CyberSecurity Insiders

OCTOBER 13, 2021

Problems arise for businesses when they base their access management programs entirely around passwords, however. Such programs overlook the burden that passwords can cause to users as well as to IT and security teams. Passwords: An unsustainable business cost. Users have too many passwords to remember on their own.

Passwords 141

Passwords Accountability Data breaches Authentication 141

Security Affairs

SEPTEMBER 28, 2024

The Irish Data Protection Commission (DPC) fined Meta €91 million for storing the passwords of hundreds of millions of users in plaintext. In 2019, Meta disclosed that it had inadvertently stored some users’ passwords in plaintext on its internal systems, without encrypting them. ” reported Meta.

Passwords 134

Passwords Media Encryption Internet 134

Krebs on Security

JULY 13, 2020

Data Viper , a security startup that provides access to some 15 billion usernames, passwords and other information exposed in more than 8,000 website breaches, has itself been hacked and its user database posted online. Password re-use becomes orders of magnitude more dangerous when website developers engage in this unsafe practice.

Hacking 363

Hacking Marketing Cybercrime Accountability 363

The Last Watchdog

OCTOBER 16, 2019

Related: Cyber risks spinning out of IoT Credential stuffing and account takeovers – which take full advantage of Big Data, high-velocity software, and automation – inundated the internet in massive surges in 2018 and the first half of 2019, according to multiple reports. Hackers count on it.

Big data 164

Big data Accountability Passwords Digital transformation 164

The Last Watchdog

OCTOBER 15, 2019

If there ever was such a thing as a cybersecurity silver bullet it would do one thing really well: eliminate passwords. Threat actors have proven to be endlessly clever at abusing and misusing passwords. So what’s stopping us from getting rid of passwords altogether? Passwords may have been very effective securing Roman roads.

Passwords 164

Passwords Authentication Data breaches Internet 164

Malwarebytes

DECEMBER 21, 2021

This enormous injection of used passwords has puffed up the world’s largest publicly available password database by 38%, according to Hunt. HIBP) allows users to type in an email address, phone number or password and find out how many times they’ve been involved in a data breach. Have I Been Pwned?’. Have I Been Pwned?’

Passwords 145

Passwords Password Management Authentication Data breaches 145

Krebs on Security

JULY 8, 2019

The crooks behind an affiliate program that paid cybercriminals to install the destructive and wildly successful GandCrab ransomware strain announced on May 31, 2019 they were terminating the program after allegedly having earned more than $2 billion in extortion payouts from victims. The GandCrab identity on Exploit[.]in Vpn-service[.]us

Ransomware 279

Ransomware Accountability Cybercrime Passwords 279

Krebs on Security

OCTOBER 21, 2019

Antivirus and security giant Avast and virtual private networking (VPN) software provider NordVPN each today disclosed months-long network intrusions that — while otherwise unrelated — shared a common cause: Forgotten or unknown user accounts that granted remote access to internal systems with little more than a password.

Accountability 175

Accountability VPN Software Antivirus 175

eSecurity Planet

JULY 23, 2021

LastPass is password management software that’s been popular among business and personal users since it was initially released in 2008. Like other password managers, LastPass provides a secure vault for your login credentials, personal documents, and other sensitive information. When it was acquired by LogMeIn Inc.

Password Management 133

Password Management Passwords Authentication Architecture 133

Krebs on Security

MAY 3, 2019

Its account and transaction processing systems power the Web sites for hundreds of financial institutions — mostly small community banks and credit unions. The authentication weakness allowed bank customers to view account data for other customers, including account number, balance, phone numbers and email addresses.

Banking 245

Banking Accountability Passwords Technology 245

Krebs on Security

OCTOBER 30, 2019

Top domain name registrars NetworkSolutions.com , Register.com and Web.com are asking customers to reset their passwords after discovering an intrusion in August 2019 in which customer account information was accessed. A spokesperson for Web.com later clarified that the company does not believe customer passwords were accessed.

Passwords 181

Passwords Accountability Encryption Data breaches 181

Krebs on Security

NOVEMBER 21, 2020

And in May of this year, GoDaddy disclosed that 28,000 of its customers’ web hosting accounts were compromised following a security incident in Oct. 2019 that wasn’t discovered until April 2020. “This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. .

Cryptocurrency 364

Cryptocurrency Scams VPN Social Engineering 364

Schneier on Security

FEBRUARY 3, 2021

Microsoft analyzed details of the SolarWinds attack: Microsoft and FireEye only detected the Sunburst or Solorigate malware in December, but Crowdstrike reported this month that another related piece of malware, Sunspot , was deployed in September 2019, at the time hackers breached SolarWinds’ internal network.

Computers and Electronics 363

Computers and Electronics Malware Software Government 363